name: Build and Release .deb

on:
  push:
    branches:
      - master
  workflow_dispatch:

jobs:
  build-deb:
    runs-on: [docker]
    steps:
      - name: Checkout
        env:
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
        run: |
          git clone "http://x-access-token:${FORGEJO_TOKEN}@10.0.0.4:3000/geronzi/full_updater.git" /workspace/repo
          cd /workspace/repo
          git fetch --prune --no-recurse-submodules origin +refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/* || true

      - name: Determine version
        working-directory: /workspace/repo
        id: version
        run: |
          set -e
          git checkout master || git checkout -b master origin/master
          DATE=$(date +%Y.%m.%d)
          SHA=$(git rev-parse --short HEAD)
          VERSION="${DATE}.${SHA}"
          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
          echo "Detected version: ${VERSION}"

      - name: Update debian changelog
        working-directory: /workspace/repo
        env:
          VERSION: ${{ steps.version.outputs.version }}
          GIT_SHA: ${{ github.sha }}
        run: |
          DATE=$(date -R)
          printf '%s\n' "full-updater (${VERSION}) unstable; urgency=medium" "" "  * Auto-built release from commit ${GIT_SHA}" "" " -- Forgejo CI <ci@geronzi.fr>  ${DATE}" > debian/changelog

      - name: Install build dependencies
        working-directory: /workspace/repo
        run: |
          apt-get update
          apt-get install -y build-essential debhelper devscripts fakeroot

      - name: Build .deb package
        working-directory: /workspace/repo
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          dpkg-buildpackage -us -uc -b -tc
          mkdir -p dist
          cp ../*.deb dist/

      - name: Upload release asset
        working-directory: /workspace/repo
        env:
          FORGEJO_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          TAG="v${VERSION}"
          FILE="dist/full-updater_${VERSION}_all.deb"
          curl -s -X POST \
            -H "Authorization: token ${FORGEJO_TOKEN}" \
            -H "Content-Type: application/json" \
            -d "{\"tag_name\": \"${TAG}\", \"name\": \"Release ${TAG}\", \"body\": \"Automated build from master\"}" \
            "http://10.0.0.4:3000/api/v1/repos/geronzi/full_updater/releases" || true
          RELEASE_ID=$(curl -s -H "Authorization: token ${FORGEJO_TOKEN}" \
            "http://10.0.0.4:3000/api/v1/repos/geronzi/full_updater/releases/latest" | python3 -c "import sys,json; print(json.load(sys.stdin).get('id',''))")
          if [ -n "$RELEASE_ID" ] && [ "$RELEASE_ID" != "None" ]; then
            curl -s -X POST \
              -H "Authorization: token ${FORGEJO_TOKEN}" \
              -H "Content-Type: application/octet-stream" \
              --data-binary @"${FILE}" \
              "http://10.0.0.4:3000/api/v1/repos/geronzi/full_updater/releases/${RELEASE_ID}/assets?name=$(basename ${FILE})"
          fi

      - name: List dist artifacts
        working-directory: /workspace/repo
        run: |
          echo "=== Built artifacts ==="
          ls -la dist/